The npm registry now contains 48 new malicious packages that deploy a reverse shell on any system where they are installed. Software supply chain security company Phylum said, “These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install.”
All of the packages were published by an npm user named hktalent (GitHub, X); 39 of them were still downloadable at the time of writing. The attack chain starts through an install hook declared in the package's package.json: once the package is installed, the hook invokes a JavaScript function that opens a reverse shell to rsh.51pwn[.]com.
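Because the payload is triggered by an npm lifecycle hook rather than by any code the consuming application calls, the practical check is to inspect a package's `scripts` block (and the files those scripts run) before letting npm execute them. The following is an added example of such an audit, written for this article; it is not code from Phylum or from the packages described above. The package name `example-lookalike-pkg`, the file `setup.js`, and the indicator list are all constructed for illustration, and the sample install script is a harmless stand-in that only contains the textual shapes the heuristics look for.

```javascript
// Added example: audit an npm package's install-time lifecycle hooks.
// Constructed sample data; not code from Phylum or from any real package.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Heuristic indicators of obfuscated or network-capable install-time code.
// These are illustrative, not a signature for any specific campaign.
const INDICATORS = [
  { name: 'dynamic-eval', re: /\beval\s*\(|new\s+Function\s*\(/ },
  { name: 'child-process', re: /require\s*\(\s*['"]child_process['"]\s*\)/ },
  { name: 'raw-socket', re: /require\s*\(\s*['"](?:net|tls)['"]\s*\)/ },
  { name: 'hex-or-escaped-strings', re: /(?:\\x[0-9a-f]{2}){8,}/i },
  { name: 'base64-decode', re: /Buffer\.from\s*\([^,)]*,\s*['"]base64['"]\s*\)|atob\s*\(/ },
  { name: 'shell-interpreter', re: /\b(?:\/bin\/sh|\/bin\/bash|cmd\.exe)\b/ },
];

// Return every lifecycle hook in package.json that npm runs on install.
function findInstallHooks(pkgJsonText) {
  const pkg = JSON.parse(pkgJsonText);
  const scripts = pkg.scripts || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === 'string')
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Resolve a "node <file>" command to the file shipped inside the package.
function scriptTarget(command) {
  const m = command.match(/^\s*node\s+(\S+)/);
  return m ? m[1].replace(/^\.\//, '') : null;
}

// Names of all indicators that fire on a piece of source text.
function scanSource(source) {
  return INDICATORS.filter((i) => i.re.test(source)).map((i) => i.name);
}

// files: map of path -> contents for the unpacked package (e.g. from `npm pack`).
function auditPackage(pkgJsonText, files) {
  const findings = [];
  for (const { hook, command } of findInstallHooks(pkgJsonText)) {
    const target = scriptTarget(command);
    // Scan the referenced file when it exists, otherwise the command itself.
    const source = target && files[target] !== undefined ? files[target] : command;
    findings.push({ hook, command, target, indicators: scanSource(source) });
  }
  return findings;
}

// Constructed sample: a hypothetical package whose postinstall hook runs a
// script containing the shapes the heuristics look for. The script is never
// executed here; the hex string just spells "hello, world".
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-lookalike-pkg',
  version: '1.0.0',
  scripts: { postinstall: 'node ./setup.js' },
});
const SAMPLE_FILES = {
  'setup.js':
    "const cp=require('child_process');" +
    "const s='\\x68\\x65\\x6c\\x6c\\x6f\\x2c\\x20\\x77\\x6f\\x72\\x6c\\x64';" +
    "eval(Buffer.from('','base64').toString());",
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditPackage(SAMPLE_PACKAGE_JSON, SAMPLE_FILES), null, 2));
}
```

A hook with no indicators is not proof of safety (a legitimate `node-gyp rebuild` and a trojaned one look the same in package.json), but any install hook at all deserves a look before npm runs it. While reviewing, install with `npm install --ignore-scripts`, or set `npm config set ignore-scripts true` globally, and unpack the tarball with `npm pack` to read the referenced files rather than relying on the repository's rendered source.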